Quantcast
Channel: thalessim Discussions Rss Feed
Viewing all 279 articles
Browse latest View live

New Post: static (clear) BDK?

December 20, 2013, 12:27 pm
$
0
0
unfortunately, i'm away from my desk for a couple of weeks so won't be able to help for a bit

i do know that significant changes were introduced recently on the 9000 for generation and export of IPEKs, so i don't know how successful you'll be on the 8000

i'll try to have a look in the new year

H
Search

New Post: static (clear) BDK?

December 20, 2013, 8:57 pm
$
0
0
thanks hexdrill

ive gone over the HSM operations and installation manual (of RG7000) which provides GC command (generate key component). interestingly, it suggests output will be displayed in plain and encrypted form:
Connected - Type in commands followed by ENTER.
GC
Key length [1,2,3]: 2
Key Type: 009
Key Scheme: U
Clear Component: FB7F 07C7 61F8 A82A 0ECD 6B19 E3C8 97BF
Encrypted Component: U D85D 2C6C E7D0 9064 EA43 26A6 57AC 0784
Key check value: E7CF C1
 
 
The clear component is the BDK, while encrypted component is BDK under LMK 28-29. Keys worked in simulated code, will now test on actual hardware HSM.

Will post an update with next findings.

New Post: PKCS#11 Java interface to Thalessim

January 7, 2014, 12:15 am
$
0
0
Hi,
Is is possible to interface via Java PKCS#11 to Thalessim....Any pointers appreciated.
Sitaraman

New Post: Does the smulator support

February 3, 2014, 7:16 am
$
0
0
the JAVA JCE environment? I have read the documentation but I am not fully sure how I would set things up. From my horizon the simulator would play the role of a network connected hardware unit, and if everything worked in an analogue way, I would expect to set up my Key Management/config/config.xml to point to 127.0.0.1, port 9998 and follow the nshield_connect_and_netHSM_user_guide.pdf on how to setup a secure world. When done I would expect to be able to run the /cygdrive/c/Program\ Files/Java/jdk1.6.0_30/bin/java com.ncipher.provider.InstallationTest class to get a suitable printout (yep, I do realize that I have to setup security.policy and set the policy to cover unrestricted cryptography, all done :-).

HOwever, it seams like I don't get a connection? Nor Am i able to run command like anonkneti.exe -p 9998 127.0.0.1 to reach simulator (the simulator gets a connect but no further information is presented).

Given my newbie status on this platform, I guess the problem resides between the chair and the keyboard, but any pointers would be greatly appreciated!

regards

New Post: Custiodian parts from Thales 8000 on to a Safenet Luna SA HSM

February 4, 2014, 4:27 am
$
0
0
Hej!

I have to support a 3 custodian part key exchange cermony
with the custodian parts generated on a Thales 8000 on a Safenet Luna SA HSM.

I know the how this key would be imported on another thales but...
our Safenet HSM is only accessed programatically.

So I need to transalate the Thales scheme into the actual algorith used..
Can anyone point me in the correct direction or a description like mine below?

I have tried to re-create the key in lots of other different ways but always failed to recreate the
final checvalue "BADB AD".

The keys are generate with the GC command like:
gc
Enter key length [1,2,3]: 2
Enter key type: 002
Enter key scheme: u

resulting in somthing like:
Clear component 1: xxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx
Key check value: ABCD EF

Clear component 2: xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx
Key check value: 1234 56

Clear component 3: xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx
Key check value: CAFF CA

Final Key check value for the above three componets is: BADB AD

COMS_KEY(TRANSPORT KEY): X 1234 5678 9101 1121 3141 5161 7181 9201
Key check value: 0102 03
Our custodian export and import:
Three components will be supplied.
All components and the resultant KEK are odd parity.
The key (and key components) check digits are obtained by EDE enciphering 64 0 bits of
data under the key and then displaying the left most 3 or 4 bytes.

Transfer keys split into 3 components: (all executed internally on the HSM)
o Choose two random 16 byte numbers
o Perform xor = key ^ random_1 ^ random_2
o Distribute random_1, random_2 and xor to 3 people.
o The key value is regenerated by key = random_1 ^ random_2 ^ xor at the key loading.

New Post: Decrypt to clear PIN from PINBlock

February 20, 2014, 9:29 am
$
0
0
Dear everybody
I have clear Zone PIN Key (ZPK) and I have full PAN number
If I have PINBlock that is encrypted by ZPK and my Thales HSM connects directly to a dot matrix printer via COM port of HSM.
So is it possible to decrypt to clear PIN and print it into PIN mailer via HSM and printer ?

Please guide me!
Thanks for your support.

New Post: PKCS#11 Java interface to Thalessim

March 16, 2014, 5:17 am
$
0
0
Hi,

Same question here, is there a PKCS#11 API for Thalessim?


/Nima

New Post: Thales HSM plain text encryption decryption

March 19, 2014, 11:21 pm
$
0
0
Hi ,


I'm trying to do a plain text encryption and decryption using the a single DEK of 32 bytes.

The commands M0 & M2 are getting executed without error ............but the result
post decryption (M3) is'nt right. Instead of getting the original text.......the response M3 shows further encrypted values. Please help .

Thanks,
Sashi
Search

New Post: Thales HSM plain text encryption decryption

March 20, 2014, 10:44 pm
$
0
0
Hi ,

Thanks
This was resolved , just changed input format flag to hex encoded binary

New Post: I got error code 13 Invalid LMK identifier

April 23, 2014, 1:08 am
$
0
0
When i sending any command to HSM it give me error 13 "Invalid LMK Identifier".

Command NO

Message heaser(16 character) : ABCDEFG000000000
Command : NO
Mode Flag : 00

Response Return from HSM : ABCDEFG000000000NP13

Please tell me how could i resolve this error.

New Post: I got error code 13 Invalid LMK identifier

May 4, 2014, 2:52 pm
$
0
0
Hi!

Try to use decimal header, like, 123456000000000000000.

New Post: PKCS#11 Java interface to Thalessim

May 4, 2014, 2:55 pm
$
0
0
Hi!

Unfortunately no. PKCS#11 is a standard (like ISO) protocol, but Thales paymebnt HSM (RG7000, HSM8000, payShield9000) has it's own proprietary protocol.

New Post: EMV Chip/Pin command list as Issuer

May 9, 2014, 12:28 pm
$
0
0
Does anyone know the details about what all Thales commands I need to use for generating Chip data as an EMV chip/Pin credit card issuer ?

New Post: EMV Chip commands Payshield 9000 completely different

May 12, 2014, 1:41 pm
$
0
0
Does the simulator support Payshield 9000 for sending EMV commands. I received an document from Thales about the commands in use for EMV are

K8, KE*, KG* etc etc.

New Post: EMV Chip/Pin command list as Issuer

May 14, 2014, 4:09 am
$
0
0
Hello!

For chip card issuing you should use different HSMs, not usual HSM8000 / payShield9000. These HSMs do not generate any chip data. The only data you can generate using payShield is PIN-block exported under ZPK key to be installed on chip.
Search

New Post: EMV Chip commands Payshield 9000 completely different

May 14, 2014, 4:17 am
$
0
0
No, currently Thales Sim does not support EMV commands. What is a license number to enable these commands? I can not find these commands in specification. :(

New Post: Thales HSM and using the TCP/IP

May 17, 2014, 11:20 pm
$
0
0
Hi,
we have the Thales HSM(P3CM) and i could connect to it via serial port and run commands.but
i can't connect to it via ethernet,i downloaded thalessim 0.9.6 but it doesn't work for connecting to
hsm(i think) .
how can i connect hsm via ethernet and run commands?

New Post: Thales HSM and using the TCP/IP

May 17, 2014, 11:21 pm
$
0
0
Hi,
we have the Thales HSM(P3CM) and i could connect to it via serial port and run commands.but
i can't connect to it via ethernet,i downloaded thalessim 0.9.6 but it doesn't work for connecting to
hsm(i think) .
how can i connect hsm via ethernet and run commands?

New Post: Thales HSM and using the TCP/IP

May 19, 2014, 1:23 am
$
0
0
Hi!

Thales SIM is HSM simolator, not a host simulator and can not be connected to P3CM (if i understood you correctly) since both of them are servers. What way are you trying to connect to P3CM? If you are writing you software to work with P3CM, you should note that each command must contais SW header, first two bytes of command must contain whole message length in binary representation:

<SW header (2 bytes)><HSM header><Command code><command data>

New Post: Excel VBA and ThalesCore.dl

May 19, 2014, 3:10 am
$
0
0
Hello,

I'm trying to make connection to 9998 port from an excel VBA socket program but no connection was established. I was able to establish connection using Hyper text terminal.

Then I saw the ThalesCore.dll. Is this dll compatible with VBA?
Viewing all 279 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>